[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 28 20:14:59 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe08de6a by security tracker role at 2023-12-28T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2023-7163 (A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that co ...)
+ TODO: check
+CVE-2023-7134 (A vulnerability was found in SourceCodester Medicine Tracking System 1 ...)
+ TODO: check
+CVE-2023-7133 (A vulnerability was found in y_project RuoYi 4.7.8. It has been declar ...)
+ TODO: check
+CVE-2023-7132 (A vulnerability was found in code-projects Intern Membership Managemen ...)
+ TODO: check
+CVE-2023-7131 (A vulnerability was found in code-projects Intern Membership Managemen ...)
+ TODO: check
+CVE-2023-7129 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2023-7128 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2023-7127 (A vulnerability classified as critical was found in code-projects Auto ...)
+ TODO: check
+CVE-2023-7126 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2023-52082 (Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vul ...)
+ TODO: check
+CVE-2023-52081 (ffcss is a CLI interface to apply and configure Firefox CSS themes. Pr ...)
+ TODO: check
+CVE-2023-52079 (msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior ...)
+ TODO: check
+CVE-2023-51501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50873 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou A ...)
+ TODO: check
+CVE-2023-50860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50858 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disabl ...)
+ TODO: check
+CVE-2023-50857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50856 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50855 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50853 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50848 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50847 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50846 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50845 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50844 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50842 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50841 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50840 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50839 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50838 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-50836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50470 (A cross-site scripting (XSS) vulnerability in the component admin_ Vid ...)
+ TODO: check
+CVE-2023-50267 (MeterSphere is a one-stop open source continuous testing platform. Pri ...)
+ TODO: check
+CVE-2023-4672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-4671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-46987 (SeaCMS v12.9 was discovered to contain a remote code execution (RCE) v ...)
+ TODO: check
+CVE-2023-36381 (Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt G ...)
+ TODO: check
+CVE-2023-32795 (Deserialization of Untrusted Data vulnerability in WooCommerce Product ...)
+ TODO: check
+CVE-2023-32513 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u201 ...)
+ TODO: check
CVE-2023-7124 (A vulnerability, which was classified as problematic, was found in cod ...)
NOT-FOR-US: code-projects E-Commerce Site
CVE-2023-7123 (A vulnerability, which was classified as critical, has been found in S ...)
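Review bot: The added CVE-2023-32513 description ends in a literal "\u201" fragment ("GiveWP GiveWP \u201 ..."), so an escaped curly quote from the upstream record was cut by the truncation instead of being decoded first. Decode the description to plain text before truncating it, so that data/CVE/list never carries half an escape sequence.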
@@ -1643,7 +1735,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
- {DSA-5588-1 DSA-5586-1 DLA-3694-1}
+ {DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3694-1}
- dropbear <unfixed> (bug #1059001)
- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
[bookworm] - erlang <no-dsa> (Minor issue)
@@ -5745,7 +5837,7 @@ CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection
CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...)
NOT-FOR-US: Amazzing Filter for Prestashop
CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
- {DLA-3688-1}
+ {DSA-5590-1 DLA-3688-1}
- haproxy 2.6.15-1
NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html
NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3)
@@ -6319,6 +6411,7 @@ CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Requ
CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...)
+ {DSA-5591-1}
- libssh 0.10.6-1 (bug #1059059)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-6918.txt
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
@@ -6327,6 +6420,7 @@ CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for mess
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
CVE-2023-6004 [ProxyCommand/ProxyJump features enable to inject malicious code through hostname]
+ {DSA-5591-1}
- libssh 0.10.6-1 (bug #1059061)
NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
@@ -16541,6 +16635,7 @@ CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on por
NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8)
NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12)
CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automation pla ...)
+ {DLA-3695-1}
- ansible-core 2.14.11-1 (bug #1053693)
[bookworm] - ansible-core <no-dsa> (Minor issue)
[bullseye] - ansible-core <no-dsa> (Minor issue)
@@ -22636,6 +22731,7 @@ CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in Rea
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/
CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
+ {DSA-5590-1}
- haproxy 2.6.15-1 (bug #1043502)
[buster] - haproxy <not-affected> (Vulnerable code not present)
NOTE: https://github.com/haproxy/haproxy/issues/2237
@@ -46690,8 +46786,8 @@ CVE-2023-27449
RESERVED
CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27447
- RESERVED
+CVE-2023-27447 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...)
@@ -79853,6 +79949,7 @@ CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo H
CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
NOT-FOR-US: Lenovo
CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
+ {DLA-3695-1}
- ansible 7.0.0+dfsg-1
[bullseye] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
@@ -155037,13 +155134,13 @@ CVE-2021-43213
RESERVED
CVE-2021-43212
RESERVED
-CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43210
RESERVED
-CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -158631,7 +158728,7 @@ CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manag
- froxlor <itp> (bug #581792)
CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...)
NOT-FOR-US: DCN S4600 switches
-CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -158645,7 +158742,7 @@ CVE-2021-42318
RESERVED
CVE-2021-42317
RESERVED
-CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+CVE-2021-42316 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -158665,17 +158762,17 @@ CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability)
+CVE-2021-42306 (<p>An information disclosure vulnerability manifests when a user or an ...)
NOT-FOR-US: Microsoft
-CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42300 (Azure Sphere Tampering Vulnerability)
NOT-FOR-US: Microsoft
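Review bot: The new CVE-2021-42306 description starts with a raw <p> tag, so HTML markup from the upstream record is landing in data/CVE/list, and the short title it replaces ("Azure Active Directory Information Disclosure Vulnerability") was easier to triage. Strip markup from the imported description before truncating. The same leading <p> appears on the new CVE-2021-41372, CVE-2021-40444 and CVE-2021-36958 lines in later hunks.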
@@ -158683,7 +158780,7 @@ CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -158695,7 +158792,7 @@ CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine
NOT-FOR-US: Microsoft
CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42290
RESERVED
@@ -158703,7 +158800,7 @@ CVE-2021-42289
RESERVED
CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...)
NOT-FOR-US: Microsoft
@@ -158711,9 +158808,9 @@ CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42281
RESERVED
@@ -158721,7 +158818,7 @@ CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
NOT-FOR-US: Microsoft
@@ -161047,25 +161144,25 @@ CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41373 (FSLogix Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability)
+CVE-2021-41372 (<p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: Microsoft
CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41369
RESERVED
CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
NOT-FOR-US: Microsoft
@@ -161101,7 +161198,7 @@ CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode)
NOT-FOR-US: Microsoft
CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -163498,13 +163595,13 @@ CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
NOT-FOR-US: Microsoft
-CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-40446
RESERVED
CVE-2021-40445
RESERVED
-CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability)
+CVE-2021-40444 (<p>Microsoft is investigating reports of a remote code execution vulne ...)
NOT-FOR-US: Microsoft
CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -167876,7 +167973,7 @@ CVE-2021-38673
RESERVED
CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38670
RESERVED
@@ -167884,7 +167981,7 @@ CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38668
RESERVED
-CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -167898,11 +167995,11 @@ CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulne
NOT-FOR-US: Microsoft
CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability)
+CVE-2021-38659 (Microsoft Office Graphics Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
NOT-FOR-US: Microsoft
@@ -167910,25 +168007,25 @@ CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38650 (Microsoft Office Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
NOT-FOR-US: Microsoft
-CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -167940,7 +168037,7 @@ CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38640
RESERVED
-CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
NOT-FOR-US: Microsoft
@@ -167958,7 +168055,7 @@ CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...)
NOT-FOR-US: Microsoft
@@ -167966,9 +168063,9 @@ CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privi
NOT-FOR-US: Microsoft
CVE-2021-38627
RESERVED
-CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
@@ -172382,13 +172479,13 @@ CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_stri
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 (v3.4.1)
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f (v3.6.0)
-CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...)
NOT-FOR-US: Microsoft
-CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36971
RESERVED
@@ -172404,7 +172501,7 @@ CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -172412,11 +172509,11 @@ CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36961 (Windows Installer Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-36958 (<p>A remote code execution vulnerability exists when the Windows Print ...)
NOT-FOR-US: Microsoft
CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -172438,7 +172535,7 @@ CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass V
NOT-FOR-US: Microsoft
CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability)
NOT-FOR-US: Microsoft
@@ -172446,7 +172543,7 @@ CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-36944
RESERVED
-CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36942 (Windows LSA Spoofing Vulnerability)
NOT-FOR-US: Microsoft
@@ -172460,7 +172557,7 @@ CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure
NOT-FOR-US: Microsoft
CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36935
RESERVED
@@ -172472,7 +172569,7 @@ CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosur
NOT-FOR-US: Microsoft
CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
NOT-FOR-US: Microsoft
-CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
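Review bot: The refresh is incomplete within this hunk: CVE-2021-36930 now has the short title, but the adjacent context line for CVE-2021-36931 still ends in "Vulnerability T ...", the truncated old suffix. Check whether the updated description for CVE-2021-36931 was skipped, so neighbouring entries with the same title stay consistent.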
@@ -176017,6 +176114,7 @@ CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable
NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16)
NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...)
+ {DLA-3695-1}
- ansible-core 2.12.0-1
- ansible 5.4.0-1
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -178315,7 +178413,7 @@ CVE-2021-34526
RESERVED
CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+CVE-2021-34524 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
NOT-FOR-US: Microsoft
@@ -178389,9 +178487,9 @@ CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
@@ -178859,6 +178957,7 @@ CVE-2021-3585 (A flaw was found in openstack-tripleo-heat-templates. Plain passw
CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
- foreman <itp> (bug #663101)
CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
+ {DLA-3695-1}
- ansible 5.4.0-1
[bullseye] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <end-of-life> (EOL'd for stretch)
@@ -180178,7 +180277,7 @@ CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerabi
NOT-FOR-US: Microsoft
CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
@@ -193980,6 +194079,7 @@ CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configu
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...)
+ {DLA-3695-1}
- ansible 2.10.7+merged+base+2.10.8+dfsg-1 (bug #1014721)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
NOTE: Fedora announcement https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/
@@ -199369,7 +199469,7 @@ CVE-2021-26446
RESERVED
CVE-2021-26445
RESERVED
-CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerabil ...)
NOT-FOR-US: Microsoft
@@ -199385,7 +199485,7 @@ CVE-2021-26438
RESERVED
CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability)
NOT-FOR-US: Microsoft
@@ -199407,7 +199507,7 @@ CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability)
NOT-FOR-US: Siemens
CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
NOT-FOR-US: Microsoft
-CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
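Review bot: Not introduced by this change, but the first context line of this hunk tags CVE-2021-26427, which the hunk header gives as "Microsoft Exchange Server Remote Code Execution Vulnerability", as NOT-FOR-US: Siemens, while every other entry shown here is NOT-FOR-US: Microsoft. The vendor tag looks wrong and is worth correcting in a follow-up commit.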
@@ -216380,6 +216480,7 @@ CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This
CVE-2021-20192
REJECTED
CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...)
+ {DLA-3695-1}
- ansible 5.4.0-1 (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <end-of-life> (EOL'd for stretch)
@@ -216430,6 +216531,7 @@ CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully c
- dogtag-pki 10.10.2-2
NOTE: https://github.com/dogtagpki/pki/pull/3475
CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...)
+ {DLA-3695-1}
- ansible 5.4.0-1 (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <end-of-life> (EOL'd for stretch)
@@ -326017,7 +326119,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
- {DSA-4950-1}
+ {DSA-4950-1 DLA-3695-1}
- ansible 2.8.6+dfsg-1 (bug #933005)
[stretch] - ansible <end-of-life> (EOL'd for stretch)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe08de6a1b6e6558cdbaeb4599231a5489eb5666