[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 31 09:12:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd4691ce by security tracker role at 2023-08-31T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...)
+ TODO: check
+CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
+CVE-2023-4653 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
+ TODO: check
+CVE-2023-4652 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
+ TODO: check
+CVE-2023-4651 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...)
+ TODO: check
+CVE-2023-4650 (Improper Access Control in GitHub repository instantsoft/icms2 prior t ...)
+ TODO: check
+CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16. ...)
+ TODO: check
+CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2023-4471 (The Order Tracking Pro plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2023-4315 (The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2023-4245 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2023-4163 (In Brocade Fabric OS before v9.2.0a, a local authenticated privileged ...)
+ TODO: check
+CVE-2023-4162 (A segmentation fault can occur in Brocade Fabric OS after Brocade Fab ...)
+ TODO: check
+CVE-2023-4161 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2023-4160 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-4000 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...)
+ TODO: check
+CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...)
+ TODO: check
+CVE-2023-41040 (GitPython is a python library used to interact with Git repositories. ...)
+ TODO: check
+CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-3677 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-3636 (The WP Project Manager plugin for WordPress is vulnerable to privilege ...)
+ TODO: check
+CVE-2023-3489 (The firmwaredownload command on Brocade Fabric OS v9.2.0 could log th ...)
+ TODO: check
+CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized dec ...)
+ TODO: check
+CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...)
+ TODO: check
+CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...)
+ TODO: check
+CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...)
+ TODO: check
+CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...)
+ TODO: check
+CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...)
+ TODO: check
+CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...)
+ TODO: check
+CVE-2023-31925 (Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication ...)
+ TODO: check
+CVE-2023-31714 (Chitor-CMS before v1.1.2 was discovered to contain multiple SQL inject ...)
+ TODO: check
+CVE-2023-31424 (Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a ...)
+ TODO: check
+CVE-2023-31423 (Possible information exposure through log file vulnerability where se ...)
+ TODO: check
+CVE-2023-2354 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
CVE-2023-4640 (The controller responsible for setting the logging level does not incl ...)
TODO: check
CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/b ...)
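Review bot: every entry in this hunk is imported as `TODO: check`, which is what the automatic update does, but the bulk of them are third-party WordPress plugins (Order Tracking Pro, Woo Custom Emails, WooCommerce PDF Invoice Builder, Waiting, WP Project Manager, ProfileGrid, Stripe Payment Plugin, CHP Ads Block Detector, Quick Post Duplicator) which this file elsewhere resolves as `NOT-FOR-US: WordPress plugin`, and a block of instantsoft/icms2, Brocade Fabric OS/SANnav and Swift zip-library issues (CVE-2023-39135 through CVE-2023-39139) that look headed the same way. The manual triage pass should spend its time on the few that could touch archive packages, in particular CVE-2023-41040 (GitPython) and CVE-2023-41041 (Graylog), and mark the rest NOT-FOR-US in the file's existing style rather than leaving them as TODO.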
@@ -4949,6 +5027,7 @@ CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read a
CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...)
+ {DLA-3551-1}
- znuny 6.5.3-1
[bookworm] - znuny <no-dsa> (Minor issue)
- otrs2 <removed>
@@ -14273,8 +14352,8 @@ CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related W
- mattermost-server <itp> (bug #823556)
CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2279
- RESERVED
+CVE-2023-2279 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
CVE-2023-2278 (The WP Directory Kit plugin for WordPress is vulnerable to Local File ...)
NOT-FOR-US: WP Directory Kit plugin for WordPress
CVE-2023-2277 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...)
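Review bot: CVE-2023-2279 is filled in as `TODO: check` although the neighbouring WP Directory Kit entries (CVE-2023-2280, CVE-2023-2278, CVE-2023-2277) are already resolved; unless its description differs in scope it should carry the same `NOT-FOR-US: WP Directory Kit plugin for WordPress` line on the next manual pass, and the BadgeOS and Metform entries that move from RESERVED to TODO later in this patch deserve the same treatment next to their already-triaged siblings.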
@@ -15031,8 +15110,8 @@ CVE-2023-2231 (A vulnerability, which was classified as critical, was found in M
NOT-FOR-US: MAXTECH
CVE-2023-2230
REJECTED
-CVE-2023-2229
- RESERVED
+CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
@@ -15151,8 +15230,8 @@ CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab 15.11.11+ds1-1
CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2188
- RESERVED
+CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2023-30896
RESERVED
CVE-2023-30895
@@ -15260,14 +15339,14 @@ CVE-2022-4943
RESERVED
CVE-2023-2175
RESERVED
-CVE-2023-2174
- RESERVED
-CVE-2023-2173
- RESERVED
-CVE-2023-2172
- RESERVED
-CVE-2023-2171
- RESERVED
+CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized modific ...)
+ TODO: check
+CVE-2023-2173 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
+ TODO: check
+CVE-2023-2172 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
+ TODO: check
+CVE-2023-2171 (The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
CVE-2023-2170 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: TaxoPress plugin for WordPress
CVE-2023-2169 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -31996,8 +32075,8 @@ CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulne
NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
NOT-FOR-US: HashiCorp Boundary
-CVE-2023-0689
- RESERVED
+CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
+ TODO: check
CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
@@ -36911,8 +36990,8 @@ CVE-2023-23767
RESERVED
CVE-2023-23766
RESERVED
-CVE-2023-23765
- RESERVED
+CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
+ TODO: check
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23763
@@ -47075,6 +47154,7 @@ CVE-2022-4429 (Avira Security for Windows contains an unquoted service path whic
CVE-2022-4428 (support_uri parameter in the WARP client local settings file (mdm.xml) ...)
NOT-FOR-US: Cloudflare Warp
CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...)
+ {DLA-3551-1}
- znuny 6.4.5-1
- otrs2 <removed>
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
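Review bot: the `{DLA-3551-1}` marker is added on the CVE line while the only suite annotation visible in this context is `[bullseye] - otrs2 <no-dsa> (Non-free not supported)`; a reader now sees an LTS advisory published for the same issue directly above a line saying the package is not supported. The two are not contradictory if the DLA targets a different suite, but a short `NOTE:` stating which suite the DLA covers (or revisiting the bullseye rationale) would keep the entry from reading that way. The same applies to CVE-2021-36100 further down, which has the identical bullseye line.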
@@ -140801,7 +140881,7 @@ CVE-2021-41186 (Fluentd collects events from various data sources and writes the
CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- {DLA-3230-1}
+ {DLA-3551-1 DLA-3230-1}
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
[stretch] - jqueryui <no-dsa> (Minor issue)
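Review bot: DLA-3551-1 is attached here to the jqueryui CVEs, yet none of the source packages listed under this entry (jqueryui in unstable, bullseye and stretch) is the one the rest of this patch associates with the advisory; elsewhere in the diff the same DLA is added only to otrs2 issues and to the jQuery copies it embeds. That is the tracker's usual way of recording a fix for an embedded copy, but the entry already carries a `NOTE:` pointing at the znuny advisory for the same reason, so a parallel note naming the package the DLA actually updated would make the reference self-explanatory.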
@@ -140812,7 +140892,7 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- {DLA-3230-1 DLA-2889-1}
+ {DLA-3551-1 DLA-3230-1 DLA-2889-1}
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -140826,7 +140906,7 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior t
NOTE: https://www.drupal.org/sa-core-2022-001
NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
- {DLA-3230-1 DLA-2889-1}
+ {DLA-3551-1 DLA-3230-1 DLA-2889-1}
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
@@ -153738,6 +153818,7 @@ CVE-2021-36102
CVE-2021-36101
RESERVED
CVE-2021-36100 (Specially crafted string in OTRS system configuration can allow the ex ...)
+ {DLA-3551-1}
- znuny <not-affected> (Fixed before initial upload to archive as src:znuny)
- otrs2 6.3.2-1
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
@@ -153770,6 +153851,7 @@ CVE-2021-36092 (It's possible to create an email which contains specially crafte
NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
+ {DLA-3551-1}
- otrs2 6.0.32-6 (bug #991593)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
@@ -191528,6 +191610,7 @@ CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker h
CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...)
+ {DLA-3551-1}
- otrs2 6.0.32-6 (bug #991593)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
@@ -191536,18 +191619,21 @@ CVE-2021-21443 (Agents are able to list customer user emails without required pe
CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
NOT-FOR-US: OTRS TimeAccounting module
CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
+ {DLA-3551-1}
- otrs2 6.0.32-5 (bug #989992)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
NOTE: Fixed by: https://github.com/znuny/Znuny/commit/48b8d2bc85280d702bd0d21783f5d31e2fa5fa51 (rel-6_0_34)
CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ {DLA-3551-1}
- otrs2 6.0.32-6 (bug #991593)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934 (rel-6_1_1)
CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
+ {DLA-3551-1}
- otrs2 6.0.32-5 (bug #989992)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
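Review bot: the four CVE-2021-2144x entries that gain `{DLA-3551-1}` in this hunk are split across two fixed versions, `otrs2 6.0.32-5 (bug #989992)` for CVE-2021-21441 and CVE-2021-21439 and `otrs2 6.0.32-6 (bug #991593)` for CVE-2021-21440 and CVE-2021-21443, and their notes reference upstream fixes on two different branches (`rel-6_0_34` and `rel-6_1_1`). That is pre-existing and fine, but whoever verifies the DLA against the LTS upload should check that all four fixes were backported, not just the ones from the 6.0 branch.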
@@ -192648,6 +192734,7 @@ CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a m
CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
NOT-FOR-US: OnlineVotingSystem
CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
+ {DLA-3551-1}
- civicrm 5.50.1+dfsg1-1 (bug #980892)
[bullseye] - civicrm <no-dsa> (Minor issue)
- otrs2 6.0.32-4 (bug #980891)
@@ -248603,7 +248690,7 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
- {DSA-4693-1 DLA-2608-1}
+ {DSA-4693-1 DLA-3551-1 DLA-2608-1}
- jquery <removed>
[buster] - jquery 3.3.1~dfsg-3+deb10u1
[jessie] - jquery <not-affected> (Vulnerable code not present)
@@ -248617,7 +248704,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
NOTE: https://www.drupal.org/sa-core-2020-002
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
- {DSA-4693-1 DLA-2608-1}
+ {DSA-4693-1 DLA-3551-1 DLA-2608-1}
- jquery <removed>
[buster] - jquery 3.3.1~dfsg-3+deb10u1
[jessie] - jquery <not-affected> (Vulnerable code not present)
@@ -273733,6 +273820,7 @@ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed
- otrs2 <not-affected> (Only affects 7.x and 8.x)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...)
+ {DLA-3551-1}
- otrs2 6.0.29-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
@@ -273742,13 +273830,14 @@ CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article det
- otrs2 <not-affected> (ONly affects 7.x and 8.x series)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-12/
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
- {DLA-2198-1}
+ {DLA-3551-1 DLA-2198-1}
- otrs2 6.0.28-1 (bug #959448)
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
NOTE: Fixed in 7.0.17, 6.0.28
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
+ {DLA-3551-1}
- otrs2 6.0.27-1
[stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
@@ -273757,7 +273846,7 @@ CVE-2020-1773 (An attacker with the ability to generate session IDs or password
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
- {DLA-2198-1}
+ {DLA-3551-1 DLA-2198-1}
- otrs2 6.0.27-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
@@ -273765,6 +273854,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
+ {DLA-3551-1}
- otrs2 6.0.27-1
[stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
@@ -273772,7 +273862,7 @@ CVE-2020-1771 (Attacker is able craft an article with a link to the customer add
NOTE: Fixed in 7.0.16, 6.0.27
NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
- {DLA-2198-1}
+ {DLA-3551-1 DLA-2198-1}
- otrs2 6.0.27-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
@@ -273780,6 +273870,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
+ {DLA-3551-1}
- otrs2 6.0.27-1
[stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
@@ -273791,20 +273882,20 @@ CVE-2020-1768 (The external frontend system uses numerous background calls to th
- otrs2 <not-affected> (Only affects 7.0.x series)
NOTE: https://community.otrs.com/security-advisory-2020-04/
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...)
- {DLA-2079-1}
+ {DLA-3551-1 DLA-2079-1}
- otrs2 6.0.25-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
- {DLA-2079-1}
+ {DLA-3551-1 DLA-2079-1}
- otrs2 6.0.25-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...)
- {DLA-2079-1}
+ {DLA-3551-1 DLA-2079-1}
- otrs2 6.0.25-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
@@ -280832,6 +280923,7 @@ CVE-2019-18182 (pacman before 5.2 is vulnerable to arbitrary command injection i
CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
+ {DLA-3551-1}
- otrs2 6.0.24-1 (bug #945251)
[stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code not present)
@@ -280839,7 +280931,7 @@ CVE-2019-18180 (Improper Check for filenames with overly long extensions in Post
NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/da057277c8620f0885c70090f565f1fa81f2c7e9
NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/799616eb43f7fb53cae4e04c81e2156baaf02e2b
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- {DLA-2053-1}
+ {DLA-3551-1 DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
@@ -285561,6 +285653,7 @@ CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Acc
CVE-2019-16376
RESERVED
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
+ {DLA-3551-1}
- otrs2 6.0.23-1
[stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Minor issue)
@@ -296102,7 +296195,7 @@ CVE-2019-13460
CVE-2019-13459
RESERVED
CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- {DLA-1877-1}
+ {DLA-3551-1 DLA-1877-1}
- otrs2 6.0.20-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
@@ -298159,7 +298252,7 @@ CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.)
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...)
NOT-FOR-US: TYPO3
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
- {DLA-1877-1}
+ {DLA-3551-1 DLA-1877-1}
- otrs2 6.0.20-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
@@ -298737,7 +298830,7 @@ CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing
CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- {DLA-1816-1}
+ {DLA-3551-1 DLA-1816-1}
- otrs2 6.0.19-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
@@ -299482,7 +299575,7 @@ CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via th
CVE-2019-12249
RESERVED
CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- {DLA-1816-1}
+ {DLA-3551-1 DLA-1816-1}
- otrs2 6.0.19-1
[stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
@@ -302338,7 +302431,7 @@ CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
- {DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
+ {DSA-4460-1 DSA-4434-1 DLA-3551-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
- drupal7 <removed> (bug #927330)
- jquery 3.3.1~dfsg-2 (bug #927385)
[stretch] - jquery 3.1.1-2+deb9u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd4691ce23cafa2e082de1091e6d4bee4e241c45